precise value, appropriate to each real-time event that acts on the chip 
cards, thus limiting and controlling the rights pertaining to these events. 

The information given by the register R is thus capable of checking 
a piece of information, for example at the microprocessor or any other 
entity external to the software architecture, on the identification of the 
zone of the software architecture concerned by the application being 
executed. 

The information given by the register R enables the checking of the 
zone of the memory of the chip card in which the application is entitled to 
come into action, namely the memory space that it is permitted to access. 
Thus, any user attempting to make fraudulent use of the operating system 
in order to recover data pertaining to a particular application is refused 
access to this data. Indeed, the bits of the state register in this case are 
different from the bits that might correspond to a call DCALL of the 
particular application in question. The addresses which it is sought to 
access and the bits of the register R, sent by the microprocessor by 
means of the link 230, are compared with each other in the controller of 
access to the memory 220. Should it be the case that the addresses of 
the memory that it is sought to access are not addresses belonging to the 
authorized field of the last application having performed a DCALL type 
call, then a piece of information on illegal access prohibits access to these 
memories. 

The device according to the invention thus provides great security 
in the sense that data elements destined for one application cannot be 
used by another application. 

A second register CS makes it possible to retain in memory a code 
proper to the applications that were active at the last call instruction 
DCALL sent by the current application, namely those that are to be 
performed following the current application. 

When the current application has finished being executed, a return 
instruction DRET is executed by the microprocessor and the data 
elements contained in the second register CS enable a return to the 
application that was being performed previously and had been activated 
by a call DCALL. The register R is also updated. 

The second register CS cannot be directly accessed by the 
applications of the chip card. This is in order to ensure the integrity of the 
device when it is put into operation during the execution of a return 
instruction DRET. 



When the execution of the current application is finished, the bits of 
the register R assume a value specific to the application that was being 
performed previously, restoring its rights and limits in terms of memory 
access. 

The memory zone access device according to the invention gives a 
high level of security in terms of access to the different zones of the 
memory, for a software architecture such as the one shown in Figure 1. 
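
The following C model is an added illustration, not part of the patent text: it simulates the register R, the register CS, the DCALL and DRET instructions and the memory access controller described above. The zone addresses, the entity codes and the modelling of CS as a small stack for nested calls are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map: entity code -> authorized zone [base, limit). */
typedef struct { uint16_t base, limit; } zone_t;
static const zone_t ZONES[] = {
    {0x0000, 0x1000},  /* code 0: operating system (assumed) */
    {0x1000, 0x1800},  /* code 1: application A (assumed) */
    {0x1800, 0x2000},  /* code 2: application B (assumed) */
};
#define N_ENTITIES (sizeof ZONES / sizeof ZONES[0])
#define CS_DEPTH 4     /* assumed nesting depth */

static uint8_t reg_R;             /* check bits of the entity now running */
static uint8_t reg_CS[CS_DEPTH];  /* saved codes; no accessor is exposed to apps */
static int cs_top;

/* DCALL: save the caller's code in CS and load the callee's code into R. */
int dcall(uint8_t code) {
    if (code >= N_ENTITIES || cs_top == CS_DEPTH) return -1;
    reg_CS[cs_top++] = reg_R;
    reg_R = code;
    return 0;
}

/* DRET: restore R from CS so the previous application regains its rights. */
int dret(void) {
    if (cs_top == 0) return -1;
    reg_R = reg_CS[--cs_top];
    return 0;
}

/* Access controller: compare the address with the zone selected by R. */
int mem_access(uint16_t addr) {
    const zone_t *z = &ZONES[reg_R];
    return (addr >= z->base && addr < z->limit) ? 0 : -1;  /* -1: illegal access */
}

int main(void) {
    dcall(1);                                        /* OS calls application A */
    printf("A, own zone:        %d\n", mem_access(0x1200));
    printf("A, B's zone:        %d\n", mem_access(0x1900));
    dcall(2);                                        /* A calls application B */
    printf("B, own zone:        %d\n", mem_access(0x1900));
    dret();                                          /* return to A */
    printf("A again, B's zone:  %d\n", mem_access(0x1900));
    return 0;
}
```

Because only DCALL and DRET write R and CS in this model, code running under the operating system's code cannot reach an application's zone without going through a call that changes the check bits.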



WHAT IS CLAIMED IS: 

1. A device for access to applications of a chip card comprising a 
microprocessor associated with an operating system working with a set of 
instructions, a program memory and a battery of applications in a memory 
of the chip card, wherein the device comprises: 

- a register of the microprocessor to store a code, on several check 
bits, proper to an entity brought into play, 

- a call instruction and an instruction for the return of the set of 
instructions to instantaneously and automatically update the register 
during the action by a new entity, 

- a checking device for the checking, as a function of the check bits, 
of the authorized nature of the access to the zones of the memory of the 
chip card by the new entity that is called or takes action in the chip card, 

- a first link to transmit the check bits from the microprocessor to 
the checking device. 

2. A device for access to applications of a chip card according to 
claim 1, comprising a second register to store a code proper to the 
applications active at the time of the last call instruction sent. 

3. A device for access to applications of a chip card according to 
one of the claims 1 or 2, wherein the entity that is called or takes action in 
the chip card is an application of the battery of applications. 

4. A device for access to applications of a chip card according to 
one of the claims 1 or 2, wherein the entity is a hardware event. 



